NB (May 20, 2010): A lot of my suggestions for web-based apps are part of the Google Chrome Web App Store. In fact, the .crx file used there is a zip file with very similar characteristics to epub. (I assume, as Chromium is open source, that .crx files are also open source – so the web app store is not limited to Google.) This post can be reread as an argument for building for the Web App Store.

At Intersection: Publishing in London the other week, there was a lot of discussion from publishers looking at mobile apps as their mobile publishing solution. Rather than creating ebooks, there seemed to be a general feeling that dedicated applications presented more of an opportunity for richer content, while closing the door to pirates and ensuring that publications remained a paid commodity.

The piracy argument is kind of spurious: although app stores tend to be locked down, this presents a false security blanket for publishers. It only takes one person to crack a store for piracy to be generally possible; technology only ever becomes less secure over time. A cynical person might suggest that the piracy argument is largely spread by the people who own the app stores or provide related services. The people who will suffer are authors and publishers.

Why apps rock

However, there’s definitely an argument for using apps – not just for publishers, but for anyone who wants to create dynamic content. Anyone who’s ever owned an iPhone will tell you that native applications can still provide a smoother, more consistent experience than a web app, without the hassle of remembering website addresses or waiting for pages to load. Tweetie is a million miles better than Twitter’s mobile website – something they themselves acknowledged when they acquired the iPhone application last month.

Above, mobile Twitter is on the left; Tweetie is on the right.

The app doesn’t need to load its interface from the web; only the underlying data is downloaded, meaning the app can appear instantaneously, loads data faster, and provides a better user experience.

The mobile web app needs to sit within the browser chrome (URL and search boxes, browser buttons on the bottom, and in my case, a debug toolbar). The app, on the other hand, has a full-screen UI dedicated to Twitter.

Why the web rocks

The mobile landscape right now is a bit like the personal computing landscape circa 1985. There are a bunch of different platforms to code for:

Each of these platforms is different under the hood, and must be developed for separately. Most developers and publishers can’t afford to do this – there isn’t a way to write once and cross-compile to many platforms at once. In fact, Apple recently specifically forbade this: if you’re developing an Apple app, you’re doing so natively, or you’re violating that platform’s terms of use.

However, each of these platforms have one thing in common: they support the web.

HTML5 and ePub: a new platform for apps

As you’re probably aware already, the upcoming HTML5 standard revises the web platform to become far more suitable for apps. Improvements include:

This is a big deal. Compliant browsers like Firefox, Safari, Chrome and even the upcoming Microsoft Internet Explorer 9 will be able to run applications that look and feel like native software but are powered by web standards. Between those browser engines, that’s most of the mobile platforms covered: those that don’t have an HTML5 browser built in by default should have one available to download. What’s more, both Firefox’s Gecko HTML rendering engine and the WebKit engine that powers both Chrome and Safari are open source, so anyone can pick them up and build software around them.

So sites on the wider web can be more like applications. That’s fantastic news in itself, but what about the app store model? A lot of people depend on that for revenue, and there’s no reason why that should be incompatible with using web standards.

Luckily, it turns out that ePub – the ebook standard – is really just a bunch of XHTML 1.1 pages drawn together in a specialized way and bundled up in a modified zip file. There are already established best practices for buying and selling ebooks.

If the ePub standard was updated to allow HTML5, it would evolve into a format for self-contained, multi-platform apps that could be sold in the same way as ebooks, music, videos, or apps in something like the iTunes App Store. Except app publishers would only need to build once to support many different kinds of mobile platform, thereby reducing the barrier to entry and allowing their budgets to be concentrated on building just one really awesome piece of software instead of spread across multiple devices.

This would be in a lot of peoples’ interests: app publishers, device manufacturers, browser vendors and consumers alike. There’s a lot of money tied up in a venture like this. The only question is, will the International Digital Publishing Forum, which controls the ePub standard, be foresighted enough to see this opportunity?

HTML5, the new web standard that has been adopted by Apple, Google and many others, lets web developers create advanced graphics, typography, animations and transitions without relying on third party browser plug-ins (like Flash). HTML5 is completely open and controlled by a standards committee, of which Apple is a member.

[…] Flash was created during the PC era – for PCs and mice. Flash is a successful business for Adobe, and we can understand why they want to push it beyond PCs. But the mobile era is about low power devices, touch interfaces and open web standards – all areas where Flash falls short.

[…] New open standards created in the mobile era, such as HTML5, will win on mobile devices (and PCs too). Perhaps Adobe should focus more on creating great HTML5 tools for the future, and less on criticizing Apple for leaving the past behind.

In response to recent events, I’d like to propose a different kind of web service that overcomes the privacy and reliability issues with cloud web applications, while providing a solid business model for both application developers and service providers, as well as a seamless, easy-to-use experience for end users.

The T-Mobile storm

Over the weekend there’s been a storm surrounding the T-Mobile Sidekick, which is produced by Microsoft’s Danger subsidiary. It turns out the device stores the primary copy of data like calendar and address book information in the cloud rather than on each device; perhaps a fair proposition if you knew you could trust Microsoft’s servers. Unfortunately, said servers went down last week, and Microsoft didn’t have a working backup. Sidekick users suddenly found themselves without their personal information.

The Danger outage comes just a month before Microsoft is expected to launch its operating system in the cloud–Windows Azure. That announcement is expected at November’s Professional Developer Conference. One of the characteristics of Azure is that programs written for it can be run only via Microsoft’s data centers and not on a company’s own servers.

The issues surrounding cloud computing have been discussed for a while, and aren’t limited to these sorts of accidents; here’s a post I wrote in 2007 about the rights we ought to have over our cloud data. Partially because of the risks involved, and the risk of leaky data, some kinds of organizations and enterprises simply can’t use cloud computing services. (In the UK, for example, check out the requirements imposed by the Data Protection Act.) At the same time, the Sidekick debacle shows there are clear risks to end-user consumers too.

Despite this, the benefits of cloud computing are obvious, particularly for the organizations that can’t use them: device-independent applications and data we can access and use from anywhere.

Can we have the best of both worlds?

The personal computing model is relatively secure: you install applications on your computer, and they sit on your local hard drive, along with your data. Assuming there hasn’t been a security breach, or you haven’t explicitly provided access to your data over a network or through a direct action like emailing it, it’s safe.

On the other hand, because your applications and data are locked away on your hard drive, you generally have to have direct access to it in order to use them. There are remote desktop solutions like VNC, but these are clunky and fairly useless over a low bandwidth connection.

Web applications that store their data in the cloud overcome this obstacle, but lose the security of sitting on your own computer.

What if there was a halfway house between these two situations?

The personal web server that works

Theoretically, anyone can run their own web server, right now, that allows them to install web applications in a more secure, controlled environment and access them from anywhere. But there are some very good reasons why they don’t:

You need system administrator skills, usually on top of Linux skills, to do it.

The web applications you can install on your own server are often not as good as the ones you can get in the cloud.

When something breaks, it’s your own responsibility to fix it.

Servers are expensive.

What if we could fix all of these things at once? Enterprises, organizations and individuals could have their own, more secure environment that would allow them to use the cloud applications they needed with fewer security risks, while enjoying the ease-of-use and immediacy that the cloud provides.

One of the reasons everyone’s leaping to copy the iPhone’s app store business model is that it just works. Sure, you’re forced to delegate root control of the phone to iTunes, and the operating system places some seemingly arbitrary restrictions on what applications can and can’t do. But the handset works, and installing software is easier than on any other platform. The truth is, most ordinary users don’t care about those restrictions. Hell, I’m a computer scientist software developer entrepreneur power user, and I’m just happy the thing works. (Context: my previous phone ran Windows Mobile, which doesn’t.)

Imagine if you could get your own server environment that was as easy to use as the iPhone. It would look something like this:

Front end & business model

You sign up for the service, possibly for a small monthly fee, possibly for free (depending on the service provider). Alternatively, if you’re more technical / an enterprise / an organization, you install it on your own infrastructure. The platform is available for free and could be open source.

From a secure web-based admin panel, you can add and remove users (although the platform optionally also supports Active Directory and similar standards, as well as OpenID), and install / uninstall applications from a centralized app store with the usual features: ratings, search, similar apps, etc. Installation is one-click, and upgrades are similarly seamless. (That WordPress “what, I have to upgrade again?” problem: solved.)

Much like the iTunes app store, applications may be free, or may cost a small amount. Applications may impose licensing restrictions based on number of users: for example, the app costs $4.99 for up to 5 users, $19.99 for up to 25, etc.

As with the iTunes app store, the application store provider takes a cut – and so does the service provider. This creates a strong incentive for multiple vendors to provide hosted services for little cost. It also effectively creates a discount for enterprise, organizational and technical users, who can bypass a service provider. The payment to the web application developer also, for the first time, creates a solid commercial marketplace for high quality web application products, while the free option allows open source vendors to distribute as normal.

Technology

Behind the scenes, the server runs existing open source technology: Apache, Tomcat, PHP, Perl, Python, Ruby on Rails, MySQL, Postgres, etc. However, there are restrictions on how applications must be structured, behave and share their data. This allows the one-click install and upgrades to function correctly. Importantly, though, users of the system need never worry about the underlying framework.

The platform has a central data store that all applications may access via an API. This data store is fully exportable, allowing (for example) a datastore stored with a service provider to be moved to an internal setup as an organization expands. As with the iTunes app store, applications are linked to a store account rather than a physical machine, so the application licenses are portable too.

Of course, this wouldn’t replace standard web servers. What it does provide, however, is a simple cloud operating system that simultaneously works in a more secure, dependable way than existing services, would be more acceptable to many organizational users, and provides a genuine business model for web application developers.

The web is now an end user application platform, but still behaves like a lightweight document store. To obtain the level of software customization we all enjoy on our home PCs, a much higher level of technical competence is required. I strongly believe that this situation must change for the web to be a viable commercial application framework.